But am unsure of how it is suppose to work in real life.
Do you still need unix groups on the samba 3 machine to map to the ADS groups? I noticed some ldap idmap dn settings but am uncertain if this can work off the Win2k ADS or does it require a special schema.
When I run smbclient -k //windows2000server/share from my samba 3 box it fails until I run kinit [EMAIL PROTECTED] is this correct?
I suppose my understanding of the samba 3 ADS architecture is somewhat limited and reading the documentation helps though perhaps assumes a lot of givens so maybe I need to have a dialogue with some one who has 'been there done that' in relation to setitng up a samba 3 box as a windows 2000 member server. If what I am providing is not correct please flame me till I get it right.... I would like to learn more about Samba's setup/configuration.
My setup is a follows
A Win2k DC Running in a VMWARE Session on a "Linux RH9 box running Samba Version CVS 3.1.0alpha1"
my /etc/krb5.conf
[libdefaults] ticket_lifetime = 24000 default_realm = JMCD.LOCAL
[realms]
JMCD.LOCAL = {
kdc = dc1.jmcd.local:88
admin_server = dc1.jmcd.local:749
default_domain = jmcd.local
}[domain_realm] .jmcd.local = JMCD.LOCAL jmcd.local = JMCD.LOCAL
# /etc/smb.conf
# Global parameters
[global]
workgroup = JMCD
realm = JMCD.LOCAL
security = ADS
password server = dc1.jmcd.local:389
client NTLMv2 auth = Yes
client lanman auth = No
client plaintext auth = No
local master = No
ldap ssl = no
idmap backend = ldap:ldap://dc1.jmcd.local
printing = cups[homes]
valid users = %S
read only = No
browseable = No[printers]
path = /tmp
printable = Yes
browseable = No
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
